package com.cgycms.webdeploy.aop.aspect;

import com.cgycms.webdeploy.aop.Auth;
import com.cgycms.webdeploy.auth.MenuEnum;
import com.cgycms.webdeploy.auth.RolesEnum;
import com.cgycms.webdeploy.common.AuthException;
import com.cgycms.webdeploy.controller.BaseController;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

/**
 * @ClassName : AuthAspect
 * @Description : 权限拦截
 * @Author : 王力超
 * @Date: 2020-11-10 14:42
 */
@Aspect
@Component
public class AuthAspect extends BaseController {

    private static Logger log = LoggerFactory.getLogger(AuthAspect.class);


    @Pointcut("@annotation(com.cgycms.webdeploy.aop.Auth)")
    public void annotationPointCut() {
    }

    @Before("annotationPointCut()")
    public void after(JoinPoint joinPoint) {

        MethodSignature signature = (MethodSignature) joinPoint.getSignature();

        Method method = signature.getMethod();

        Auth action = method.getAnnotation(Auth.class);
        if (!action.ok()) {
            return;
        }

        List<MenuEnum> menus = Arrays.asList(action.menus());
        List<RolesEnum> roles = Arrays.asList(action.roles());

        List<MenuEnum> userMenu = user().getMenus() == null ? new ArrayList<>() : user().getMenus();
        List<RolesEnum> userRole = user().getRoles() == null ? new ArrayList<>() : user().getRoles();

        List<RolesEnum> admin = userRole.stream().filter(a -> "ADMIN".equals(a.name())).collect(Collectors.toList());
        List<MenuEnum> menuAll = userMenu.stream().filter(a -> "ALL".equals(a.name())).collect(Collectors.toList());

        boolean roleFlag = false;
        boolean menuFlag = false;

        //兼容不需要控制的请求,超级操作权限，超级管理员
        int menuNo = menus.stream().filter(a -> "NO".equals(a.name())).collect(Collectors.toList()).size();
        if (menuNo > 0 || menuAll.size() > 0 || admin.size() > 0) {
            menuFlag = true;
        }
        int roleNo = roles.stream().filter(a -> "NO".equals(a.name())).collect(Collectors.toList()).size();
        if (roleNo > 0 || admin.size() > 0) {
            roleFlag = true;
        }

        //拥有菜单权限
        for (RolesEnum rolesEnum : roles) {
            List<RolesEnum> roleList = userRole.stream().filter(s -> s.name().equals(rolesEnum.name())).collect(Collectors.toList());
            if (roleList.size() > 0) {
                roleFlag = true;
                break;
            }
        }

        //拥有操作权限
        for (MenuEnum menu : menus) {
            List<MenuEnum> menuList = userMenu.stream().filter(s -> s.name().equals(menu.name())).collect(Collectors.toList());
            if (menuList.size() > 0) {
                menuFlag = true;
                break;
            }
        }
        if (roleFlag == true && menuFlag == true) {
            log.debug("{}功能有此权限！菜单权限：{},操作权限：{}", action.value(), roleFlag, menuFlag);
        } else {
            log.debug("{}功能无权限！菜单权限：{},操作权限：{}", action.value(), roleFlag, menuFlag);
            throw new AuthException("抱歉,您无权限操作！");
        }
    }

}
